Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > why call cipher.getInstance(),throw below error?

Reply
Thread Tools

why call cipher.getInstance(),throw below error?

 
 
junzhang1983@gmail.com
Guest
Posts: n/a
 
      07-07-2008
my source code is:
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");

when run it , cause below error,who can explain it,thanks in
advance.....

java.lang.ExceptionInInitializerError
at java.lang.Class.runStaticInitializers(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.getInstance(Unknown Source)
at
com.pioneer.bluray.security.authenticator.Signatur eChecking.rsaDecrypt(Unknown
Source)
at
com.pioneer.bluray.security.authenticator.Signatur eChecking.fetchSignature(Unknown
Source)
at
com.pioneer.bluray.security.authenticator.Signatur eChecking.checkCredentialValues(Unknown
Source)
at
com.pioneer.bluray.security.authenticator.Signatur eChecking.checkCredentials(Unknown
Source)
at
com.pioneer.bluray.security.authenticator.DVBSecUt ils.invokeSecurity(Unknown
Source)
at org.dvb.lang.DVBClassLoader.securityCheck(Unknown Source)
at org.dvb.lang.DVBClassLoader.acquireData(Unknown Source)
at org.dvb.lang.DVBClassLoader.defineClassPrivileged( Unknown
Source)
at org.dvb.lang.DVBClassLoader.access$000(Unknown Source)
at org.dvb.lang.DVBClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknow n Source)
at org.dvb.lang.DVBClassLoader.findClass(Unknown Source)
at org.dvb.lang.DVBClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.tv.Request.execReq(Unknown Source)
at com.sun.tv.XletRunnable$ExecThread.run(Unknown Source)
at java.lang.Thread.startup(Unknown Source)
Caused by: java.lang.SecurityException: Cannot set up certs for
trusted CAs
at javax.crypto.SunJCE_b.<clinit>(Unknown Source)
... 20 more
Caused by: java.lang.SecurityException: Jurisdiction policy files
are not signed by trusted signers!
at javax.crypto.SunJCE_b.f(Unknown Source)
at javax.crypto.SunJCE_b.e(Unknown Source)
at javax.crypto.SunJCE_s.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknow n Source)
at java.security.AccessController.doPrivileged(Unknow n Source)
... 21 more
 
Reply With Quote
 
 
 
 
Roedy Green
Guest
Posts: n/a
 
      07-07-2008
On Mon, 7 Jul 2008 03:01:38 -0700 (PDT), http://www.velocityreviews.com/forums/(E-Mail Removed) wrote,
quoted or indirectly quoted someone who said :

> Security.addProvider(new BouncyCastleProvider());
>Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");


I will make a guess here that the jar you got from BouncyCastle was
digitally signed using Jarsigner. Have a peak inside the jar at the
manifests to see. BouncyCastle's certificate may have been backed by
a CA not in your .cacerts. What you would then need to do is import
the root cert of that CA as a certificate authority.

Perhaps some file YOU created has the same problem, possibly a
self-signed certificate.

You can use keytool.exe. see
http://mindprod.com/jgloss/keytoolex...#UPDATINGROOTS
or keyman. See http://mindprod.com/jgloss/keyman.html

Also see
http://mindprod.com/jgloss/certificate.html#UPDATING

see also
http://www.jensign.com/JavaScience/d...ypt/index.html
for an example of RSA ciphers.


I wrote the following SSCCE to see if I could help you out.

Unfortunately, my code does not work and I can't figure out why.
It just gets -1 when I try to read back the encrypted length I put on
the front of the stream.

JCE code rarely works first time. However, I am having a different
problem from you, so perhaps this code might give you a clue.

package com.mindprod.example;

import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* This particular version uses RSA/ECB/PKCS1Padding
* but it fairly easy to convert it to use other algorithms.
* RSA requires a digital certificate in your .keystore.
* <p/>
* composed with IntelliJ IDEA
*
* @author Roedy Green, Canadian Mind Products
* @version 1.0 2008-07-07
*/
public class TestCipherRSA
{
// ------------------------------ FIELDS
------------------------------

/**
* configure with encryption algorithm to use. Changes to
algorithm may require additional ivParms.
*/
private static final String ALGORITHM = "RSA";

/**
* configure with block mode to use. We have to use insecure ECB
since Sun support nothing else.
*/
private static final String BLOCK_MODE = "ECB";

/**
* where to find .keystore
*/
private static final String KEYSTORE_FILENAME =
"C:/users/roedy/.keystore";

/**
* configure with padding method to use
*/
private static final String PADDING = "PKCS1Padding";

/**
* alias of the RSA certificate in .keystore in JKS format.
Contains private key of recipient.
*/
private static final String RECEIVERS_PRIVATE_CERTIFICATE_ALIAS =
"mindprodcert2008rsa";

/**
* receiver's public key in standalone certificate, in x.509
format
*/
private static final String RECEIVERS_PUBLIC_CERTIFICATE =
"E:/mindprod/contact/mindprodcert2008rsa.cer";

/**
* the encoding to use when converting bytes <--> String
*/
private static final Charset CHARSET = Charset.forName( "UTF-8" );

// -------------------------- STATIC METHODS
--------------------------

/**
* read an enciphered file and retrieve its plaintext message.
*
* @param cipher method used to encrypt the file
* @param privateCert certificate, including private key of
recipient.
* @param file file where the message was written.
* @return the reconstituted decrypted message.
* @throws java.security.InvalidKeyException
* if something wrong with the key.
* @throws java.io.IOException if problems reading the file.
*/
@SuppressWarnings( { "JavaDoc" } )
private static String readCiphered( Cipher cipher, X509Certificate
privateCert, File file )
throws InvalidKeyException, IOException,
InvalidAlgorithmParameterException
{
cipher.init( Cipher.DECRYPT_MODE, privateCert );

final CipherInputStream cin = new CipherInputStream( new
FileInputStream( file ), cipher );

// read big endian short length, msb then lsb
final int messageLengthInBytes = ( cin.read() << 8 ) |
cin.read();
System.out.println( file.length() + " enciphered bytes in
file" );
System.out.println( messageLengthInBytes + " reconstituted
bytes" );

final byte[] reconstitutedBytes = new
byte[messageLengthInBytes];

// we can't trust CipherInputStream to give us all the data in
one shot
int bytesReadSoFar = 0;

int bytesRemaining = messageLengthInBytes;
while ( bytesRemaining > 0 )
{
final int bytesThisChunk = cin.read( reconstitutedBytes,
bytesReadSoFar, bytesRemaining );
if ( bytesThisChunk == 0 )
{
throw new IOException( file.toString() + " corrupted."
);
}
bytesReadSoFar += bytesThisChunk;
bytesRemaining -= bytesThisChunk;
}
cin.close();
return new String( reconstitutedBytes, CHARSET );
}

/**
* write a plaintext message to a file enciphered.
*
* @param cipher the method to use to encrypt the file.
* @param publicCert the certificate, containing public key
of recipient.
* @param file the file to write the encrypted message to.
* @param plainText the plaintext of the message to write.
* @throws java.security.InvalidKeyException
* if something is wrong with they key
* @throws java.io.IOException if there are problems writing the
file.
* @throws java.security.InvalidAlgorithmParameterException
* if problems with CBC_SALT.
*/
private static void writeCiphered( Cipher cipher, X509Certificate
publicCert, File file, String plainText )
throws InvalidKeyException, IOException,
InvalidAlgorithmParameterException
{
cipher.init( Cipher.ENCRYPT_MODE, publicCert );
final CipherOutputStream cout = new CipherOutputStream( new
FileOutputStream( file ), cipher );
final byte[] plainTextBytes = plainText.getBytes( CHARSET );
System.out.println( plainTextBytes.length + " plaintext bytes
written" );
// prepend with big-endian short message length, will be
encrypted too.
cout.write( plainTextBytes.length >>> 8 );// msb
cout.write( plainTextBytes.length & 0xff );// lsb
cout.write( plainTextBytes );
cout.close();
}

// --------------------------- main() method
---------------------------

/**
* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
*
* @param args not used
* @throws java.security.NoSuchAlgorithmException
* if DES is not supported
* @throws javax.crypto.NoSuchPaddingException
* if PKCS5 padding is not supported.
* @throws java.security.InvalidKeyException
* if there is something wrong with
the key.
* @throws java.io.IOException if there are problems reading or
writing the file.
* @throws java.security.InvalidAlgorithmParameterException
* if problems with CBC_SALT.
*/
public static void main( String[] args ) throws
CertificateException,
InvalidAlgorithmParameterException,
InvalidKeyException,
IOException,
KeyStoreException,
NoSuchAlgorithmException,
NoSuchPaddingException,
NoSuchProviderException
{
// The secret message we want to send to our secret agent in
London.
final String plainText = "W. to visit Abu Ghraib for a hands
on, wink wink, tomorrow at 19:05.";

// instead of generating a secret key, we use a certificate,
contanining the receiver's public key
final FileInputStream fis = new FileInputStream(
RECEIVERS_PUBLIC_CERTIFICATE );
final CertificateFactory cf = CertificateFactory.getInstance(
"X.509" );
final X509Certificate publicCert = ( X509Certificate )
cf.generateCertificate( fis );

// use default Sun provider
final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" +
BLOCK_MODE + "/" + PADDING );

// write out the ciphered message
writeCiphered( cipher, publicCert, new File( "transport.bin"
), plainText );

// now try reading message back in deciphering it.
final KeyStore keystore = KeyStore.getInstance( "JKS" );
keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null
);
final X509Certificate privateCert = ( X509Certificate )
keystore.getCertificate( RECEIVERS_PRIVATE_CERTIFICATE_ALIAS );

final String reconstitutedText = readCiphered( cipher,
privateCert, new File( "transport.bin" ) );

System.out.println( "original: " + plainText );
System.out.println( "reconstituted: " + reconstitutedText );

// output is:
// 68 plaintext bytes written
// 128 enciphered bytes in file (indeed there are)
// -1 reconstituted bytes -- OOPS. Not deciphering
properly

}
}
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
 
 
 
Roedy Green
Guest
Posts: n/a
 
      07-07-2008
Here is a slightly tidier version of the code after running it through
Intellij Lint.


package com.mindprod.example;

import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* This particular version uses RSA/ECB/PKCS1Padding
* but it fairly easy to convert it to use other algorithms.
* RSA requires a digital certificate in your .keystore.
* <p/>
* composed with IntelliJ IDEA
*
* @author Roedy Green, Canadian Mind Products
* @version 1.0 2008-07-07
*/
public class TestCipherRSA
{
// ------------------------------ FIELDS
------------------------------

/**
* configure with encryption algorithm to use. Changes to
algorithm may require additional ivParms.
*/
private static final String ALGORITHM = "RSA";

/**
* configure with block mode to use. We have to use insecure ECB
since Sun support nothing else.
*/
private static final String BLOCK_MODE = "ECB";

/**
* where to find .keystore
*/
private static final String KEYSTORE_FILENAME =
"C:/users/roedy/.keystore";

/**
* configure with padding method to use
*/
private static final String PADDING = "PKCS1Padding";

/**
* alias of the RSA certificate in .keystore in JKS format.
Contains private key of recipient.
*/
private static final String RECEIVERS_PRIVATE_CERTIFICATE_ALIAS =
"mindprodcert2008rsa";

/**
* receiver's public key in standalone certificate, in x.509
format
*/
private static final String RECEIVERS_PUBLIC_CERTIFICATE =
"E:/mindprod/contact/mindprodcert2008rsa.cer";

/**
* the encoding to use when converting bytes <--> String
*/
private static final Charset CHARSET = Charset.forName( "UTF-8" );

// -------------------------- STATIC METHODS
--------------------------

/**
* get the receiver's private cert from .keystore.
*
* @return certificate containing private key
* @throws KeyStoreException if .keystore corrupt.
* @throws IOException if trouble loading cert.
* @throws NoSuchAlgorithmException if no JCE support.
* @throws CertificateException if certificate corrupt.
*/
private static X509Certificate getPrivateCert()
throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException
{
final KeyStore keystore = KeyStore.getInstance( "JKS" );
keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null
);
return ( X509Certificate ) keystore.getCertificate(
RECEIVERS_PRIVATE_CERTIFICATE_ALIAS );
}

/**
* get the receiver's public cert from standalone cert file.
*
* @return certificate containing public key
* @throws FileNotFoundException if missing certificate file.
* @throws CertificateException if certificate corrupt.
*/
private static X509Certificate getPublicCert()
throws FileNotFoundException, CertificateException
{
// instead of generating a secret key, we use a certificate,
containing the receiver's public key
final FileInputStream fis = new FileInputStream(
RECEIVERS_PUBLIC_CERTIFICATE );
final CertificateFactory cf = CertificateFactory.getInstance(
"X.509" );
return ( X509Certificate ) cf.generateCertificate( fis );
}

/**
* read an enciphered file and retrieve its plaintext message.
*
* @param cipher method used to encrypt the file
* @param privateCert certificate, including private key of
recipient.
* @param file file where the message was written.
* @return the reconstituted decrypted message.
* @throws java.security.InvalidKeyException
* if something wrong with the key.
* @throws java.io.IOException if problems reading the file.
*/
@SuppressWarnings( { "JavaDoc" } )
private static String readCiphered( Cipher cipher, X509Certificate
privateCert, File file )
throws InvalidKeyException, IOException
{
cipher.init( Cipher.DECRYPT_MODE, privateCert );

final CipherInputStream cin = new CipherInputStream( new
FileInputStream( file ), cipher );

// read big endian short length, msb then lsb
final int messageLengthInBytes = ( cin.read() << 8 ) |
cin.read();
System.out.println( file.length() + " enciphered bytes in
file" );
System.out.println( messageLengthInBytes + " reconstituted
bytes" );

final byte[] reconstitutedBytes = new
byte[messageLengthInBytes];

// we can't trust CipherInputStream to give us all the data in
one shot
int bytesReadSoFar = 0;

int bytesRemaining = messageLengthInBytes;
while ( bytesRemaining > 0 )
{
final int bytesThisChunk = cin.read( reconstitutedBytes,
bytesReadSoFar, bytesRemaining );
if ( bytesThisChunk == 0 )
{
throw new IOException( file.toString() + " corrupted."
);
}
bytesReadSoFar += bytesThisChunk;
bytesRemaining -= bytesThisChunk;
}
cin.close();
return new String( reconstitutedBytes, CHARSET );
}

/**
* write a plaintext message to a file enciphered.
*
* @param cipher the method to use to encrypt the file.
* @param publicCert the certificate, containing public key of
recipient.
* @param file the file to write the encrypted message to.
* @param plainText the plaintext of the message to write.
* @throws java.security.InvalidKeyException
* if something is wrong with the key
* @throws java.io.IOException if there are problems writing the
file.
* .
*/
private static void writeCiphered( Cipher cipher, X509Certificate
publicCert, File file, String plainText )
throws InvalidKeyException, IOException
{
cipher.init( Cipher.ENCRYPT_MODE, publicCert );
final CipherOutputStream cout = new CipherOutputStream( new
FileOutputStream( file ), cipher );
final byte[] plainTextBytes = plainText.getBytes( CHARSET );
System.out.println( plainTextBytes.length + " plaintext bytes
written" );
// prepend with big-endian short message length, will be
encrypted too.
cout.write( plainTextBytes.length >>> 8 );// msb
cout.write( plainTextBytes.length & 0xff );// lsb
cout.write( plainTextBytes );
cout.close();
}

// --------------------------- main() method
---------------------------

/**
* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
*
* @param args not used
* @throws NoSuchAlgorithmException if RSA is not supported
* @throws NoSuchPaddingException if PKCS5 padding is not
supported.
* @throws InvalidKeyException if there is something wrong
with the key.
* @throws IOException if there are problems reading
or writing the file.
* @throws InvalidAlgorithmParameterException
* if programming error
* @throws NoSuchProviderException if no JCE support
* @throws KeyStoreException if .keystore corrupt.
* @throws CertificateException if either certificate corrupt.
*/
public static void main( String[] args ) throws
CertificateException,
InvalidAlgorithmParameterException,
InvalidKeyException,
IOException,
KeyStoreException,
NoSuchAlgorithmException,
NoSuchPaddingException,
NoSuchProviderException
{
// The secret message we want to send to our secret agent in
London.
final String plainText = "W. to visit Abu Ghraib for a hands
on, wink wink, tomorrow at 19:05.";

// use default Sun provider
final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" +
BLOCK_MODE + "/" + PADDING );

final X509Certificate publicCert = getPublicCert();

// write out the ciphered message
writeCiphered( cipher, publicCert, new File( "transport.bin"
), plainText );

// now try reading message back in deciphering it.
final X509Certificate privateCert = getPrivateCert();

final String reconstitutedText = readCiphered( cipher,
privateCert, new File( "transport.bin" ) );

System.out.println( "original: " + plainText );
System.out.println( "reconstituted: " + reconstitutedText );

// output is:
// 68 plaintext bytes written
// 128 enciphered bytes in file
// -1 reconstituted bytes -- OOPS. Not deciphering
properly. Can't even read lead two encrypted bytes.
}
}
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      07-08-2008
On Mon, 7 Jul 2008 03:01:38 -0700 (PDT), (E-Mail Removed) wrote,
quoted or indirectly quoted someone who said :

>my source code is:
> Security.addProvider(new BouncyCastleProvider());


I have solved your problem, using Sun as the provider.
The code is posted at http://mindprod.com/jgloss/cipher.html#RSA

I would like to improve it by making it find the .keystore file
automatically. For now you must configure its location.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Browser crashes with below code.What is wrong in below code. kiran Javascript 12 12-07-2011 02:38 PM
why call cipher.getInstance(),throw below error? junzhang1983@gmail.com Java 2 07-07-2008 01:36 PM
why why why why why Mr. SweatyFinger ASP .Net 4 12-21-2006 01:15 PM
findcontrol("PlaceHolderPrice") why why why why why why why why why why why Mr. SweatyFinger ASP .Net 2 12-02-2006 03:46 PM
Could someone scan me a picture of the below? (Read Below) starlightvoyager@yahoo.com DVD Video 1 08-28-2006 05:42 AM



Advertisments